November 19, 2011

Officials Investigating Water Network Cyberattack

Claims that hackers managed to remotely compromise a central Illinois utility network and shut down a water pump on November 8 are being looked at by federal investigators, Reuters reported on Friday.

In what reporters from that news agency are saying could be "the first known foreign cyber attack on an industrial system on U.S. soil," state police and the Illinois Statewide Terrorism and Intelligence Center believe that hackers used credentials stolen from an unidentified American company to break into the water utility's computer network.

Joe Weiss, described by Reuters as "a prominent expert on protecting infrastructure from cyber attacks," read excerpts of a one-page report, prepared by the Center, which claimed that computer logs revealed that the attack originated from a computer located in Russia.

An Illinois State Police spokeswoman refused to comment, while the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) are examining the matter, Reuters added.

In a blog post written Thursday for ControlGlobal.com, Weiss said it is believed that the supervisory control and data acquisition (SCADA) software vendor had been hacked and that customer usernames and passwords were believed to have been stolen.

Weiss also confirmed that the IP address of the attacker had been traced back to Russia, that no water utilities he had spoken to were aware of the attack, and that it currently was not known whether or not other water system SCADA users had been targeted. He also confirmed that a water pump had been burned out because the SCADA system had been powered off and then powered back on.

He suggested that, as a result of the attack, several different preventative measures should be taken. Among them, according to Weiss: "Provide better coordination and disclosure by the government… better information sharing with industry… control system cybersecurity training and policies," and "implement control system forensics."

"This is a really big deal," Weiss told Elinor Mills of CNET.

In a statement, DHS spokesman Peter Boogaard said that the organization was investigating the incident. According to Mills, he "declined to comment on whether a security breach had occurred," and said, "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."